RESOLVED WONTFIX 119592
[Qt] WebKit crashes when using @font-face if "Helvetica" isn't available
https://bugs.webkit.org/show_bug.cgi?id=119592
Summary [Qt] WebKit crashes when using @font-face if "Helvetica" isn't available
Brendan Long
Reported 2013-08-08 13:49:41 PDT
Created attachment 208366 [details]
Page demonstrating the crash

If you go to the attached page using QtTestBrowser, and you don't have Helvetica, or a font providing Helvetica, installed, then the browser crashes immediately. As a workaround, I can install msttcorefonts, which contains Arial, which provides Helvetica.

The problem appears to be this section of CSSFontFaceSource.cpp:

    SimpleFontData* temporaryFont = fontCache()->getNonRetainedLastResortFallbackFont(fontDescription);
    fontData = SimpleFontData::create(temporaryFont->platformData(), true, true);

If Helvetica isn't available, `temporaryFont` is null, and `temporaryFont->platformData()` crashes.

Backtrace:

#0 0x00007ffff5229cf8 in WTF::RefPtr<WebCore::FontPlatformDataPrivate>::RefPtr (this=0x14081a0, o=...) at /home/blong/workspace/webkit/Source/WTF/wtf/RefPtr.h:44
#1 0x00007ffff5228125 in WebCore::FontPlatformData::FontPlatformData (this=0x14081a0) at /home/blong/workspace/webkit/Source/WebCore/platform/graphics/qt/FontPlatformData.h:80
#2 0x00007ffff526f73f in WebCore::SimpleFontData::SimpleFontData (this=0x1408160, platformData=..., isCustomFont=true, isLoading=true, isTextOrientationFallback=false) at /home/blong/workspace/webkit/Source/WebCore/platform/graphics/SimpleFontData.cpp:60
#3 0x00007ffff4b2f75e in WebCore::SimpleFontData::create (platformData=..., isCustomFont=true, isLoading=true, isTextOrientationFallback=false) at /home/blong/workspace/webkit/Source/WebCore/platform/graphics/SimpleFontData.h:88
#4 0x00007ffff4b303d8 in WebCore::CSSFontFaceSource::getFontData (this=0x10922b0, fontDescription=..., syntheticBold=false, syntheticItalic=false, fontSelector=0xa66150) at /home/blong/workspace/webkit/Source/WebCore/css/CSSFontFaceSource.cpp:185
#5 0x00007ffff4b18599 in WebCore::CSSFontFace::getFontData (this=0x1058d30, fontDescription=..., syntheticBold=false, syntheticItalic=false) at /home/blong/workspace/webkit/Source/WebCore/css/CSSFontFace.cpp:127
#6 0x00007ffff4bad2cf in WebCore::CSSSegmentedFontFace::getFontData (this=0x13a5460, fontDescription=...) at /home/blong/workspace/webkit/Source/WebCore/css/CSSSegmentedFontFace.cpp:141
#7 0x00007ffff4b2263b in WebCore::CSSFontSelector::getFontData (this=0xa66150, fontDescription=..., familyName=...) at /home/blong/workspace/webkit/Source/WebCore/css/CSSFontSelector.cpp:504
#8 0x00007ffff52291d8 in WebCore::FontCache::getFontData (this=0x961170, description=..., familyIndex=@0x108ff7c: 0, fontSelector=0xa66150) at /home/blong/workspace/webkit/Source/WebCore/platform/graphics/FontCache.cpp:469
#9 0x00007ffff520c04d in WebCore::FontGlyphs::realizeFontDataAt (this=0x108fec0, description=..., realizedFontIndex=0) at /home/blong/workspace/webkit/Source/WebCore/platform/graphics/FontGlyphs.cpp:110
#10 0x00007ffff4f12410 in WebCore::FontGlyphs::primaryFontData (this=0x108fec0, description=...) at /home/blong/workspace/webkit/Source/WebCore/platform/graphics/FontGlyphs.h:89
#11 0x00007ffff4f12472 in WebCore::FontGlyphs::primarySimpleFontData (this=0x108fec0, description=...) at /home/blong/workspace/webkit/Source/WebCore/platform/graphics/FontGlyphs.h:123
#12 0x00007ffff4f12556 in WebCore::Font::primaryFont (this=0x10693b8) at /home/blong/workspace/webkit/Source/WebCore/platform/graphics/Font.h:326
#13 0x00007ffff4f124be in WebCore::Font::fontMetrics (this=0x10693b8) at /home/blong/workspace/webkit/Source/WebCore/platform/graphics/Font.h:143
#14 0x00007ffff555d216 in WebCore::RenderStyle::fontMetrics (this=0x12a0590) at /home/blong/workspace/webkit/Source/WebCore/rendering/style/RenderStyle.cpp:1331
#15 0x00007ffff555d502 in WebCore::RenderStyle::computedLineHeight (this=0x12a0590, renderView=0xa62ad8) at /home/blong/workspace/webkit/Source/WebCore/rendering/style/RenderStyle.cpp:1372
#16 0x00007ffff5381e90 in WebCore::RenderBlock::lineHeight (this=0x12bcd18, firstLine=true, direction=WebCore::HorizontalLine, linePositionMode=WebCore::PositionOfInteriorLineBoxes) at /home/blong/workspace/webkit/Source/WebCore/rendering/RenderBlock.cpp:6550
#17 0x00007ffff53aa1ff in WebCore::logicalHeightForLine (block=0x12bcd18, isFirstLine=true, replacedHeight=...) at /home/blong/workspace/webkit/Source/WebCore/rendering/RenderBlockLineLayout.cpp:76
#18 0x00007ffff53aa6e1 in WebCore::LineWidth::updateAvailableWidth (this=0x7fffffff7ba0, replacedHeight=...) at /home/blong/workspace/webkit/Source/WebCore/rendering/RenderBlockLineLayout.cpp:177
#19 0x00007ffff53aa44b in WebCore::LineWidth::LineWidth (this=0x7fffffff7ba0, block=0x12bcd18, isFirstLine=true, shouldIndentText=WebCore::IndentText) at /home/blong/workspace/webkit/Source/WebCore/rendering/RenderBlockLineLayout.cpp:121
#20 0x00007ffff53b76bf in WebCore::RenderBlock::LineBreaker::nextSegmentBreak (this=0x7fffffff9290, resolver=..., lineInfo=..., renderTextInfo=..., lastFloatFromPreviousLine=0x0, consecutiveHyphenatedLines=0, wordMeasurements=...) at /home/blong/workspace/webkit/Source/WebCore/rendering/RenderBlockLineLayout.cpp:2926
#21 0x00007ffff53b6de3 in WebCore::RenderBlock::LineBreaker::nextLineBreak (this=0x7fffffff9290, resolver=..., lineInfo=..., renderTextInfo=..., lastFloatFromPreviousLine=0x0, consecutiveHyphenatedLines=0, wordMeasurements=...) at /home/blong/workspace/webkit/Source/WebCore/rendering/RenderBlockLineLayout.cpp:2815
#22 0x00007ffff53b1974 in WebCore::RenderBlock::layoutRunsAndFloatsInRange (this=0x12bcd18, layoutState=..., resolver=..., cleanLineStart=..., cleanLineBidiStatus=..., consecutiveHyphenatedLines=0) at /home/blong/workspace/webkit/Source/WebCore/rendering/RenderBlockLineLayout.cpp:1845
#23 0x00007ffff53b037b in WebCore::RenderBlock::layoutRunsAndFloats (this=0x12bcd18, layoutState=..., hasInlineChild=true) at /home/blong/workspace/webkit/Source/WebCore/rendering/RenderBlockLineLayout.cpp:1614
#24 0x00007ffff53b3ac4 in WebCore::RenderBlock::layoutInlineChildren (this=0x12bcd18, relayoutChildren=true, repaintLogicalTop=..., repaintLogicalBottom=...) at /home/blong/workspace/webkit/Source/WebCore/rendering/RenderBlockLineLayout.cpp:2189
#25 0x00007ffff5366eec in WebCore::RenderBlock::layoutBlock (this=0x12bcd18, relayoutChildren=true, pageLogicalHeight=...) at /home/blong/workspace/webkit/Source/WebCore/rendering/RenderBlock.cpp:1656
#26 0x00007ffff5366355 in WebCore::RenderBlock::layout (this=0x12bcd18) at /home/blong/workspace/webkit/Source/WebCore/rendering/RenderBlock.cpp:1428
#27 0x00007ffff536bae1 in WebCore::RenderBlock::layoutBlockChild (this=0x129e1c8, child=0x12bcd18, marginInfo=..., previousFloatLogicalBottom=..., maxFloatLogicalBottom=...) at /home/blong/workspace/webkit/Source/WebCore/rendering/RenderBlock.cpp:2669
#28 0x00007ffff536b6ba in WebCore::RenderBlock::layoutBlockChildren (this=0x129e1c8, relayoutChildren=true, maxFloatLogicalBottom=...) at /home/blong/workspace/webkit/Source/WebCore/rendering/RenderBlock.cpp:2604
#29 0x00007ffff5366f0d in WebCore::RenderBlock::layoutBlock (this=0x129e1c8, relayoutChildren=true, pageLogicalHeight=...) at /home/blong/workspace/webkit/Source/WebCore/rendering/RenderBlock.cpp:1658
#30 0x00007ffff5366355 in WebCore::RenderBlock::layout (this=0x129e1c8) at /home/blong/workspace/webkit/Source/WebCore/rendering/RenderBlock.cpp:1428
#31 0x00007ffff53319b1 in WebCore::RenderObject::layoutIfNeeded (this=0x129e1c8) at /home/blong/workspace/webkit/Source/WebCore/rendering/RenderObject.h:704
#32 0x00007ffff536cd2a in WebCore::RenderBlock::layoutPositionedObjects (this=0x112c928, relayoutChildren=true, fixedPositionObjectsOnly=false) at /home/blong/workspace/webkit/Source/WebCore/rendering/RenderBlock.cpp:2920
#33 0x00007ffff5367313 in WebCore::RenderBlock::layoutBlock (this=0x112c928, relayoutChildren=true, pageLogicalHeight=...) at /home/blong/workspace/webkit/Source/WebCore/rendering/RenderBlock.cpp:1696
#34 0x00007ffff5366355 in WebCore::RenderBlock::layout (this=0x112c928) at /home/blong/workspace/webkit/Source/WebCore/rendering/RenderBlock.cpp:1428
#35 0x00007ffff53319b1 in WebCore::RenderObject::layoutIfNeeded (this=0x112c928) at /home/blong/workspace/webkit/Source/WebCore/rendering/RenderObject.h:704
#36 0x00007ffff536cd2a in WebCore::RenderBlock::layoutPositionedObjects (this=0x11f4d18, relayoutChildren=true, fixedPositionObjectsOnly=false) at /home/blong/workspace/webkit/Source/WebCore/rendering/RenderBlock.cpp:2920
#37 0x00007ffff5367313 in WebCore::RenderBlock::layoutBlock (this=0x11f4d18, relayoutChildren=true, pageLogicalHeight=...) at /home/blong/workspace/webkit/Source/WebCore/rendering/RenderBlock.cpp:1696
#38 0x00007ffff5366355 in WebCore::RenderBlock::layout (this=0x11f4d18) at /home/blong/workspace/webkit/Source/WebCore/rendering/RenderBlock.cpp:1428
#39 0x00007ffff53319b1 in WebCore::RenderObject::layoutIfNeeded (this=0x11f4d18) at /home/blong/workspace/webkit/Source/WebCore/rendering/RenderObject.h:704
#40 0x00007ffff536cd2a in WebCore::RenderBlock::layoutPositionedObjects (this=0xa62ad8, relayoutChildren=false, fixedPositionObjectsOnly=false) at /home/blong/workspace/webkit/Source/WebCore/rendering/RenderBlock.cpp:2920
#41 0x00007ffff5367313 in WebCore::RenderBlock::layoutBlock (this=0xa62ad8, relayoutChildren=false, pageLogicalHeight=...) at /home/blong/workspace/webkit/Source/WebCore/rendering/RenderBlock.cpp:1696
#42 0x00007ffff5366355 in WebCore::RenderBlock::layout (this=0xa62ad8) at /home/blong/workspace/webkit/Source/WebCore/rendering/RenderBlock.cpp:1428
#43 0x00007ffff5524523 in WebCore::RenderView::layoutContent (this=0xa62ad8, state=...) at /home/blong/workspace/webkit/Source/WebCore/rendering/RenderView.cpp:142
#44 0x00007ffff5525245 in WebCore::RenderView::layout (this=0xa62ad8) at /home/blong/workspace/webkit/Source/WebCore/rendering/RenderView.cpp:327
#45 0x00007ffff51ac42a in WebCore::FrameView::layout (this=0xaaa1e0, allowSubtree=true) at /home/blong/workspace/webkit/Source/WebCore/page/FrameView.cpp:1327
#46 0x00007ffff51b0543 in WebCore::FrameView::layoutTimerFired (this=0xaaa1e0) at /home/blong/workspace/webkit/Source/WebCore/page/FrameView.cpp:2410
#47 0x00007ffff51be02e in WebCore::Timer<WebCore::FrameView>::fired (this=0xaaa318) at /home/blong/workspace/webkit/Source/WebCore/platform/Timer.h:114
#48 0x00007ffff52fcc8d in WebCore::ThreadTimers::sharedTimerFiredInternal (this=0x9809e0) at /home/blong/workspace/webkit/Source/WebCore/platform/ThreadTimers.cpp:129
#49 0x00007ffff52fcba1 in WebCore::ThreadTimers::sharedTimerFired () at /home/blong/workspace/webkit/Source/WebCore/platform/ThreadTimers.cpp:105
#50 0x00007ffff560bd2a in WebCore::SharedTimerQt::timerEvent (this=0x980e30, ev=0x7fffffffba00) at /home/blong/workspace/webkit/Source/WebCore/platform/qt/SharedTimerQt.cpp:113
#51 0x00007ffff136229c in QObject::event (this=0x980e30, e=0x7fffffffba00) at kernel/qobject.cpp:1051
#52 0x00007ffff1eb062a in QApplicationPrivate::notify_helper (this=0x64b700, receiver=0x980e30, e=0x7fffffffba00) at kernel/qapplication.cpp:3442
#53 0x00007ffff1eadcbe in QApplication::notify (this=0x7fffffffbeb0, receiver=0x980e30, e=0x7fffffffba00) at kernel/qapplication.cpp:2845
#54 0x00007ffff1328318 in QCoreApplication::notifyInternal (this=0x7fffffffbeb0, receiver=0x980e30, event=0x7fffffffba00) at kernel/qcoreapplication.cpp:871
#55 0x00007ffff132bf95 in QCoreApplication::sendEvent (receiver=0x980e30, event=0x7fffffffba00) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:232
#56 0x00007ffff13983d8 in QTimerInfoList::activateTimers (this=0x656060) at kernel/qtimerinfo_unix.cpp:643
#57 0x00007ffff1399579 in timerSourceDispatch (source=0x656000) at kernel/qeventdispatcher_glib.cpp:185
#58 0x00007fffebfd0d53 in g_main_dispatch (context=0x654e00) at /build/buildd/glib2.0-2.32.3/./glib/gmain.c:2539
#59 g_main_context_dispatch (context=0x654e00) at /build/buildd/glib2.0-2.32.3/./glib/gmain.c:3075
#60 0x00007fffebfd10a0 in g_main_context_iterate (dispatch=1, block=<optimized out>, context=0x654e00, self=<optimized out>) at /build/buildd/glib2.0-2.32.3/./glib/gmain.c:3146
#61 g_main_context_iterate (context=0x654e00, block=<optimized out>, dispatch=1, self=<optimized out>) at /build/buildd/glib2.0-2.32.3/./glib/gmain.c:3083
#62 0x00007fffebfd1164 in g_main_context_iteration (context=0x654e00, may_block=1) at /build/buildd/glib2.0-2.32.3/./glib/gmain.c:3207
#63 0x00007ffff1399f3b in QEventDispatcherGlib::processEvents (this=0x64e4f0, flags=...) at kernel/qeventdispatcher_glib.cpp:426
#64 0x00007fffe6d170f2 in QPAEventDispatcherGlib::processEvents (this=0x64e4f0, flags=...) at eventdispatchers/qeventdispatcher_glib.cpp:123
#65 0x00007ffff1324ed8 in QEventLoop::processEvents (this=0x7fffffffbd50, flags=...) at kernel/qeventloop.cpp:136
#66 0x00007ffff13251b1 in QEventLoop::exec (this=0x7fffffffbd50, flags=...) at kernel/qeventloop.cpp:212
#67 0x00007ffff13289d0 in QCoreApplication::exec () at kernel/qcoreapplication.cpp:1124
#68 0x00007ffff1704d48 in QGuiApplication::exec () at kernel/qguiapplication.cpp:1198
#69 0x00007ffff1ead7f1 in QApplication::exec () at kernel/qapplication.cpp:2689
#70 0x000000000042708e in launcherMain (app=...) at /home/blong/workspace/webkit/Tools/QtTestBrowser/qttestbrowser.cpp:50
#71 0x0000000000428dd5 in main (argc=2, argv=0x7fffffffc0f8) at /home/blong/workspace/webkit/Tools/QtTestBrowser/qttestbrowser.cpp:319
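The null dereference the report describes, modelled in C++ as an added example (this is neither WebKit's code nor the reporter's). The classes are hypothetical stand-ins named after the WebKit types in the backtrace; the last-resort lookup hard-codes "Helvetica" because that is the family the report says must be installed, not because WebKit's source was checked. The unchecked function has the shape of the quoted CSSFontFaceSource.cpp lines; the checked one turns a missing fallback font into a null result the caller can handle instead of a crash during layout.

```cpp
// Added example: the unchecked fallback-font dereference from bug 119592 next
// to a null-guarded variant. All types are hypothetical stand-ins for the
// WebKit classes in the backtrace (FontPlatformData, SimpleFontData, FontCache).
#include <algorithm>
#include <iostream>
#include <memory>
#include <string>
#include <utility>
#include <vector>

// Stand-in for WebCore::FontPlatformData: carries only the resolved family.
struct FontPlatformData {
    std::string family;
};

// Stand-in for WebCore::SimpleFontData.
struct SimpleFontData {
    FontPlatformData platform;
    bool isCustomFont = false;
    bool isLoading = false;

    const FontPlatformData& platformData() const { return platform; }

    static std::unique_ptr<SimpleFontData> create(const FontPlatformData& pd,
                                                  bool custom, bool loading)
    {
        auto f = std::make_unique<SimpleFontData>();
        f->platform = pd;
        f->isCustomFont = custom;
        f->isLoading = loading;
        return f;
    }
};

// Stand-in for WebCore::FontCache over a constructed list of installed
// families. The last-resort lookup asks for one hard-coded family
// ("Helvetica", per the report; an assumption, not WebKit's real logic) and
// returns nullptr when it is not installed. That nullptr is the value the
// quoted CSSFontFaceSource.cpp code dereferences without checking.
class FontCache {
public:
    explicit FontCache(std::vector<std::string> installed)
        : m_installed(std::move(installed)) {}

    SimpleFontData* getNonRetainedLastResortFallbackFont()
    {
        const std::string wanted = "Helvetica";
        if (std::find(m_installed.begin(), m_installed.end(), wanted) == m_installed.end())
            return nullptr; // no last-resort font on this system
        if (!m_lastResort)
            m_lastResort = SimpleFontData::create(FontPlatformData{wanted}, false, false);
        return m_lastResort.get();
    }

private:
    std::vector<std::string> m_installed;
    std::unique_ptr<SimpleFontData> m_lastResort;
};

// Shape of the code quoted in the report: the lookup result is dereferenced
// unconditionally. With no Helvetica installed this is a null dereference,
// the fault in frame #0 of the backtrace. Only call it when the font exists.
std::unique_ptr<SimpleFontData> loadingFontDataUnchecked(FontCache& cache)
{
    SimpleFontData* temporaryFont = cache.getNonRetainedLastResortFallbackFont();
    return SimpleFontData::create(temporaryFont->platformData(), true, true);
}

// Guarded variant: a missing last-resort font becomes a null result, so the
// caller can treat the @font-face as not yet usable instead of crashing.
std::unique_ptr<SimpleFontData> loadingFontDataChecked(FontCache& cache)
{
    SimpleFontData* temporaryFont = cache.getNonRetainedLastResortFallbackFont();
    if (!temporaryFont)
        return nullptr;
    return SimpleFontData::create(temporaryFont->platformData(), true, true);
}

// Reports what a caller of the guarded path observes for a given font set.
std::string describeGuarded(const std::vector<std::string>& installed)
{
    FontCache cache(installed);
    auto fontData = loadingFontDataChecked(cache);
    if (!fontData)
        return "no-fallback";
    return fontData->platformData().family + (fontData->isLoading ? ":loading" : "");
}

// The unchecked path is fine as long as the fallback font is present.
bool uncheckedWorksWhenInstalled()
{
    FontCache cache({"DejaVu Sans", "Helvetica"});
    auto fontData = loadingFontDataUnchecked(cache);
    return fontData && fontData->isCustomFont && fontData->platformData().family == "Helvetica";
}

int main()
{
    std::cout << "Helvetica missing: " << describeGuarded({"DejaVu Sans"}) << "\n";
    std::cout << "Helvetica present: " << describeGuarded({"DejaVu Sans", "Helvetica"}) << "\n";
    return 0;
}
```

The guarded function deliberately does not pick a substitute family itself; it only refuses to dereference null and leaves the policy decision (render with the system default, defer until the web font finishes loading) to the layer that already owns font selection.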
Attachments
Page demonstrating the crash (263 bytes, text/html)
2013-08-08 13:49 PDT, Brendan Long
no flags
Brendan Long
Comment 1 2013-10-09 10:50:58 PDT
This is QtWebkit-specific, so no point keeping it open.